Method and apparatus for routing a packet in mobile ip system

ABSTRACT

The system includes a mobile node (101) communicating with a correspondent node (102), a home agent node (131) managing the mobile node (101), a proxy node (121) being located closer to the mobile node (101) than the home agent node (131) and relaying the packets from the mobile node (101) to the home agent node (131), and a routing manager (141) managing a route of the packets. The proxy node (121) detects a trigger of a packet route optimization and notifies the routing manager (141). The proxy node (121) establishes the optimized routing path according to a command received from the routing manager (141) and routes the packets through the established routing path using a secure method.

TECHNICAL FIELD

The invention relates to a method, apparatus and system to preferably route a packet via an IP network, and more particularly to a proxy node having a packet routing optimization function and a routing address securing function.

BACKGROUND ART

The IP-based IMT (International Mobile Telecommunication) network platform (IP² from now on) is a network architecture that supports terminal mobility with both route optimization and location privacy [T. Okagawa, M. Jo, K. Nishida, A. Miura, “IP Packet Routing Mechanism Based on Mobility Management in IP-based IMT Network Platform,” ICIN 2003, March 2003]. Fundamental to IP² is the separation of the Network Control Platform (NCPF) and the IP Backbone (IP-BB). The NCPF controls the IP-BB. The IP-BB comprises IP routers with additional packet processing features, such as address switching. The NCPF comprises signaling servers that command the IP-BB entities intelligently.

Mobile terminals (or mobile nodes, MN) are assigned permanent terminal identifiers that take the form of an IP address. In addition, MNs are assigned a routing address by the IP² access router (IP²AR). In basic IP² the mobile terminal is attached to an IP²AR. The routing address is specific to the location of the MN, and to support location privacy it shall not be revealed to any other MNs. When the MN moves to another IP²AR, a new routing address is allocated to the MN from the pool of routing addresses available at the new IP²AR. The binding between the MN's terminal identifier (IPha, as of “IP home address”) and its routing address (IPra, as of “IP routing address”) is communicated to the NCPF by the IP²AR.

When a MN (MN1) wishes to send a packet to another MN (MN2) it uses MN2's IPha as destination address in the packet and transmits the packet to its IP²AR (IP²AR2). IP²AR1 (defined as the sending IP²AR) detects that the packet is addressed to an IP² MN and queries the NCPF about the location of MN2. The NCPF responds with the IPra of MN2, stored in AR1, along with the IPha of MN2. Then, the destination address of the packet (IPha of MN2) is replaced with the IPra of MN2. This operation is referred to as address switching (optionally, the source address of the packet can also be replaced with the IPra of MN1). The packet is then delivered using traditional IP forwarding to the node that owns the IPra of MN2. The node is IP²AR2. IP²AR2 (defined as the receiving IP²AR) then replaces the destination (and optionally the source) address of the packet with the IPha of MN2 and delivers the packet to MN2.

An important function of IP² is IP²AR notification. Whenever MN2 moves to a new IP²AR (probably as a result of IP handover), the new IP²AR allocates a new IPra for MN2 and the NCPF is updated with this new IPra. Then the NCPF notifies all IP²ARs that have MNs that send packets to MN2. As a result, sender IP²ARs will send MN2's packets to the new location.

FIG. 1 shows a basic Mobile IP system. Mobile IP version 6 (MIP from now on) is an Internet Engineering Task Force (IETF) defined method for handling IP node mobility [D. Johnson, et al., “RFC 3775: Mobility Support in IPv6”, June 2004, IETF]. All MIP aware MNs have a Home Agent (HA) and a permanent Home IP Address. The Home IP Address is topologically correct at (i.e., routed towards) the HA. From the MN's perspective this address is similar to the IPha defined in the IP². Both addresses are unique and permanent identifiers of the given MN. From now on, the term IPha will be also referred to as the MIP Home IP Address of the terminal.

An IP subnet, to which a MN can be attached, will be referred to as a “Visited Network” (VN). The MN's HA is located outside of any possible VNs. When an MN is located in a VN the MN cannot use its IPha as a valid IP address since the IPha is topologically incorrect within the VN. For this reason, the MN configures a Care of Address (CoA) using a valid local prefix. The CoA can be used to send and receive IP packets as long as the MN stays in the same visited IP network. Changing the VN will result in IP handover. The term Correspondent Node (CN) is used to denote the IP host that the MN is communicating with. One MN may have multiple CNs at the same time, and CNs can themselves be mobile.

A MIP enabled MN can choose between two kinds of communication forms to maintain session continuity in case of IP mobility. In the first case all traffic between the CN and the MN is sent through the HA using bi-directional tunneling. The MN updates its HA whenever the MN's CoA has been changed using Binding Update (BU) messages. The HA tunnels all IP packets arriving at the MN's IPha using the MN's actual CoA. Similarly, the MN tunnels all its transmitted packets to the HA, using IPha as the inner source IP address. The HA decapsulates the packets and transmits them towards their ultimate destination. This form of communication enables location privacy if the HA is trusted by the MN. However, one drawback of this mode of communication is route sub-optimality: all packets need to go through the Home Agent.

The second way of communication in MIP is route optimization. Route optimization enables packets to travel between the MN and the CN directly without visiting the HA. It is performed in an end-to-end fashion by directly transmitting BUs between the MN and the CN. This action breaks location privacy since the location of a MN (the CoA, which is topologically specific) is revealed to the CN.

Route optimization (second case) in MIP is done in an end-to-end fashion. The MN enables route optimization by sending a BU message to its CN. This BU message contains the MN's CoA. From this point a MIP aware CN and MN can directly exchange IP packets using the CoA as source or destination address and putting the MN's IPha as a Home Address Option into the IP headers in order to identify the MN. Such packets are sent using the optimal route.

FIG. 2 shows a Hierarchical Mobile IP system. Hierarchical Mobile IP (HMIP) [H. Soliman, et al., “Hierarchical Mobile IPv6 mobility management (HMIPv6)”, 16-06-2004, IETF Draft] introduces a Mobility Anchor Point (MAP), which serves as a “local” HA, adding a new hierarchy level to the MIP system. The MN's exact point of attachment to the IP network is characterized by a CoA configured at its current link. This IP address is referred to as the Local Care-of-Address (LCoA). HMIP aware MNs can update their MAPs using the LCoA in case of IP handovers. This is beneficial when the MAP is topologically close to the moving MN and its HA and the CNs are far away. In this case, a Regional Care-of-Address (RCoA) is configured at the MAP and used instead of the LCoA for those nodes (i.e., the HA and CNs), which are far away from the MN. All IP handovers “under” the same MAP are not visible to nodes if the MN uses its RCoA as a CoA. Additionally the CNs cannot learn the exact location of the MN, but the approximate location is revealed via the RCoA.

DISCLOSURE OF INVENTION

The problem which the present invention tackles is that the IETF standard MIP system does not allow location privacy in conjunction with route optimization.

Thus, the present invention provides some solutions to the problem. According to one aspect of the present invention, the IP² architecture is combined with the MIP/HMIP system.

According to another aspect of the present invention, a method, an apparatus and a system to optimally solve the problem are provided. For instance, the system includes a mobile node communicating with a correspondent node, a home agent node managing the mobile node and relaying packets sent from the mobile node to the correspondent node, a proxy node being located closer to the mobile node than the home agent node and relaying the packets from the mobile node to the home agent node, and a routing manager managing the route of packets.

The proxy node includes:

a detection unit which detects a trigger for a packet route optimization;

a notification unit which notifies the routing manager of the detected trigger;

a route establishing unit which establishes the optimized routing path according to a command received from the routing manager;

a securing unit which secures a routing address for the packets, the routing address being dynamically allocated to the mobile node; and

a routing unit which routes the packets secured by the securing unit to the correspondent node through the established routing path.

Other features and advantages of the present invention will be apparent from the following descriptions taken in conjunction with the accompanying drawings, in which like reference characters designate the same or similar parts throughout the figures thereof.

BRIEF DESCRIPTION OF DRAWINGS

A more reasonable understanding of the method, apparatus and system of the present invention may be obtained by reference to the following detailed description when taken in conjunction with the accompanying drawings wherein:

FIG. 1 shows a basic Mobile IP system;

FIG. 2 shows a Hierarchical Mobile IP system;

FIG. 3 shows an overview of an exemplary mobile communication system to which the present invention is preferably applied;

FIG. 4 shows an exemplary signal sequence of the embodiment;

FIG. 5 shows an exemplary block diagram illustrating basic components of the proxy node in the preferred embodiments; and

FIG. 6 shows a flowchart illustrating a routing process of the exemplary embodiments.

BEST MODE FOR CARRYING OUT THE INVENTION

Throughout the specification, the terms “optimization”, “optimize”, and “optimal” are used to emphasize that a newly established routing path is shorter than an old routing path. Sometimes the old routing path means a route via a mobile node's home agent.

FIG. 3 is an overview of an exemplary mobile communication system to which the present invention is preferably applied. In FIG. 3, number 101 denotes an exemplary mobile node (MN). Correspondent node (CN) 102 is communicating with MN 101. CN 102 can be a fixed or a mobile node. AR 111 and AR 112 are access routers. Even though only two access routers are shown in FIG. 3, it is clear that there may be many more access routers in a practical network.

IP²P_MN 121 is a proxy node for MN 101. IP²P_CN 122 is a proxy node for CN 102. The proxy node is placed into any IP node where all IP traffic of a given MN is visible. The proxy node is explicitly notified about a newly attached MN. One example is Authentication Authorization and Accounting (AAA) signalling or the like. The proxy node has as its function to de-capsulate IP packets encapsulated by the MN. The proxy node also has as its function to reproduce an encapsulation as if the packet was sent by an MN, MAP or HA. The transfer method between IP²Ps can be either address switching, tunneling or secure tunneling.

HA_MN 131 is the home agent of the MN 101 in a Mobile IP (MIP) context. HA_CN 132 is the home agent of the CN 102 within a Mobile IP (MIP) context. NCPF 140 is the network control platform defined in IP². In the NCPF 140, a routing manager 141 is placed so as to manage the optimization of a routing path between MN 101 and CN 102. The routing manager 141 is a function that may be located in one or more node(s). In case the routing manager 141 is located in a plurality of nodes as a distributed function, the routing managers 141 communicate and interact with one another. A tunnel 150 constitutes an optimized routing path between IP²P_MN 121 and IP²P_CN 122.

To provide route optimization with location privacy in a backward compatible way, this embodiment defines two new functions, the IP² proxy (IP²P) and the NCPF 140, to be added to the MIP system. The IP²P handles route optimization. The IP²P, in essence, acts as an IP²AR and can be placed, for example, in the physical access router.

The NCPF 140 is also introduced as a signaling infrastructure. The NCPF 140 used in this embodiment can be practically equal to and interwork with the mobility management parts of IP²'s NCPF. One of its parts is RM 141.

The MN 101 is a legacy MIP terminal, possibly with a configuration that is specific to this embodiment. The MN can decide on a per connection basis whether it requires location privacy or does not care about it. According to MIP, the MN can, at any time, send a MIPv6 Binding Update (BU) to any of the MN's CNs. This results in optimal routing; however, the BU reveals the MN's location.

Thus, when the MN decides that location privacy is required, the route optimization mechanism and its related functions, defined in MIP, are not invoked even if the MN sends BUs. It may be a preferable solution that the MN 101 is configured not to send BUs to CNs. Alternatively, IP²P_MN 121 or other related nodes may capture and discard the BUs, and IP²P_MN 121 or other related nodes may generate an activate notification (AN) to be sent to NCPF 140, based on the BUs. Then the NCPF 140 manages the route optimization in response to the ANs. However, the alternative solution can be applied if the BUs are not protected with a secure method such as IPSec and encryption. It should be noted that the BUs addressed to the HA should be passed to the HA while the BUs addressed to the CNs are discarded, since the HA should know and manage the MN's location.

Although some solutions to abort sending BU are explained above, these solutions are not essential for the present invention. In other words, the present invention can be applied to the MN that sends a standard MIPv6 Binding Update to its CN. Also the MN may be configured to choose whether the MN uses MIPv6 operation regarding BU or any one of the above-described solutions.
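The alternative in which IP²P_MN captures BUs can be sketched as a small filter. This is an added example, not code from the patent: the class and verdict names are hypothetical, the proxy is assumed to know each MN's HA address from the attachment process, and the addresses are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class BindingUpdate:
    coa: str                  # care-of address carried in the BU (reveals location)
    ipha: str                 # home address of the sending MN
    dst: str                  # node the BU is addressed to
    protected: bool = False   # True when IPsec/encryption hides the BU contents


@dataclass(frozen=True)
class ActivateNotification:
    # Fields follow the notification described for step S204:
    # CoA, IPha and the identification of the proxy.
    coa: str
    ipha: str
    proxy_id: str


@dataclass
class ProxyBuFilter:
    proxy_id: str
    home_agent_of: Dict[str, str]          # IPha -> HA address (assumed known)
    an_queue: List[ActivateNotification] = field(default_factory=list)

    def handle(self, bu: BindingUpdate) -> str:
        """Return the verdict for one BU seen at the proxy."""
        if bu.protected:
            # The text limits this alternative to unprotected BUs:
            # a protected BU cannot be inspected, so no filtering is possible.
            return "not-inspectable"
        if bu.ipha not in self.home_agent_of:
            return "unknown-mn"
        if self.home_agent_of[bu.ipha] == bu.dst:
            # The HA must keep tracking the MN's location.
            return "forward-to-ha"
        # BU addressed to a CN: drop it so the CoA is not revealed,
        # and queue an AN for the NCPF instead.
        self.an_queue.append(ActivateNotification(bu.coa, bu.ipha, self.proxy_id))
        return "discard-and-notify"


def run_samples() -> List[str]:
    """Constructed BUs using the IPv6 documentation prefix 2001:db8::/32."""
    proxy = ProxyBuFilter("IP2P_MN", {"2001:db8:a::1": "2001:db8:a::ff"})
    samples = [
        BindingUpdate("2001:db8:f1::77", "2001:db8:a::1", "2001:db8:a::ff"),
        BindingUpdate("2001:db8:f1::77", "2001:db8:a::1", "2001:db8:b::1"),
        BindingUpdate("2001:db8:f1::77", "2001:db8:a::1", "2001:db8:b::1", True),
    ]
    return [proxy.handle(bu) for bu in samples]
```

The third sample shows the limit the text states: once the BU is protected, the proxy cannot tell it apart from other traffic and this alternative does not apply.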

FIG. 4 shows an exemplary signal sequence of the embodiment. At step S201, MN 101 receives an advertisement of a new AR 111. For example, this advertisement can be a regular Router Advertisement defined in MIP.

At step S202, AR 111 of a visited network and MN 101 configure a new routing address (CoA). If applying MAP to the system, an LCoA may be configured and used instead of CoA.

At step S203, IP²P (IP²P_MN 121) identifies the CoA and the IPha of MN 101 from a login process or a handover process executed between MN 101 and IP²P_MN 121. The login process uses Authentication, Authorization and Accounting (AAA) signalling or the like. Any signalling that securely confers the identity of the MN to the IP²P is sufficient; it does not have to be AAA signalling.

At step S204, IP²P_MN 121 sends an activation notification (AN) to RM 141 in NCPF 140 using IP² signalling. The notification includes the CoA, the IPha of MN 101 and the identification of IP²P_MN 121. RM 141 receives the notification and stores the CoA, the IPha and the identification of IP²P_MN 121 into a table. As a result, the NCPF 140 always has up-to-date information about MN-IP²P relations.

At step S205, IP²P_MN 121 sends a Binding Update (BU) to HA_MN 131. It should be noted that the step S205 may be done in parallel with the above-described steps.

At step S206, MN 101 starts a communication with CN 102 using bi-directional tunneling through the MN's HA 131 and the CN's HA 132 as in legacy MIP. Assuming that CN 102 is a mobile node, the path taken by the packets is MN 101->HA_MN 131->HA_CN 132->CN 102. IP²P_MN 121 monitors such traffic so as to detect a trigger for a route optimization. For example, IP²P_MN 121 determines whether the traffic monitored exceeds a predetermined value.

At step S207, IP²P_MN 121 notifies that the trigger is detected. For example, IP²P_MN 121 queries the NCPF 140 telling that a new connection is present and might be route optimized.

At step S208, NCPF 140 identifies the IP²P of CN 102 and sends a command to IP²P_MN 121 and IP²P_CN 122. The command sets up a direct connection between IP²P_MN 121 and IP²P_CN 122 using the selected transfer method (e.g., tunneling). IP²P_MN 121 and IP²P_CN 122 receive the command, respectively. The command may be referred to as a route optimization command.

At step S209, IP²P_MN 121 and IP²P_CN 122 establish an optimized routing path 150 based on the received command. IP²P_MN 121 secures a routing address for MN 101 included in the packets, and routes the packets to CN 102 through the established routing path 150.

As a result, packets travel on the path MN 101->IP²P_MN 121->IP²P_CN 122->CN 102. Since the IP²Ps are located in the visited network, they are closer to the MN (and CN, respectively) than the home agents. Thus, this new routing path is shorter than the one via the home agents.

Further, the routing address of the MN is applied in a secure manner, and therefore the location privacy of the MN is preferably protected.

If MN 101 moves to a new IP²P, the new IP²P updates NCPF 140. NCPF 140 will notify all the necessary IP²Ps in order to maintain ongoing communications with the CNs of the moving MN 101.

As described above, the IP²P is placed into any IP node where all IP traffic of a given MN is visible, such as the HMIP MAP, the AR, or the AR without HMIP.

In the first solution, where the IP²P is placed into the HMIP MAP, the MAPs are not (necessarily) on the same link as the MN. Therefore, IP routing is needed between the attached MN and its MAP. According to the HMIP protocol the MN maintains a bi-directional tunnel with its MAP. Since the MN requires location privacy, the MN also uses a bi-directional tunnel to its HA. This results in double tunneling between the MAP and the MN (including the air interface).

An arriving MN discovers the available MAPs and registers with a MAP by sending a binding update (BU) containing the MN's IPha and the on-link address (LCoA) to the MAP. The Home address used in the BU is the RCoA. In a public networking case, some authentication and authorization signaling is needed to secure the BU before the binding update between the MN and the MAP. As a result, the IP²P in the MAP can learn the identity of the MN. This enables the IP²P in the MAP to inform the NCPF about the MN's new location. We note that any signalling that securely confers the identity of the MN to the MAP is sufficient, not only AAA signalling. If no such signaling exists, then this alternative cannot be used.

Since all packets of the MN pass through the MAP (and hence the IP²P), new IP connections of the given MN can be recognized in the MAP by the IP²P. This enables the IP²P to query the NCPF about the identity of the far end IP²P (IP²P_CN 122), through which the MN's CN is accessible. For instance, the IP²P should maintain a table that keeps a relation between the MN (CN) and the serving IP²P.

If IP²P_MN 121 receives a response from RM 141 of NCPF 140, IP²P_MN 121 decapsulates the IP packets sent by the MN 101 and transfers them to the far end IP²P_CN 122. IP²P_CN 122 receives the transferred packets and restores the packets in a way as if the CN's HA 132 had sent the packets.

This solution reduces signaling load on the IP² level since IP handovers under the same MAP are not visible to the NCPF.

The second solution, where the HMIP MAP with the IP²P is placed into an AR, is similar to the one outlined in the previous embodiment. The main difference is that the MAP is placed into the IP subnet of a VN. Thus no IP routing is mandatory between the MN and the MAP. That is, the MAP also acts as an AR.

According to the third solution, where the IP²P is placed into an AR, the HMIP protocol is not needed. The basic problem with this approach is that in basic MIP the MN is not in a signalling relation with the AR, since the AR is not part of the reference model in original MIPv6. Therefore this solution requires a node that is in a signalling relation with the MN. In real deployment scenarios, the ARs act as firewalls that block unauthorized usage of the given accessed network. In this case, the MNs have to be identified by the ARs through the AAA protocol or the like between the ARs and the MNs. Since there is a signalling relation between the AR and the MN through the AAA protocol or the like, an IP²P can be placed into the AR. The IP²P functionality is notified if a new MN is successfully identified, and the rest of the procedure goes on as depicted by FIG. 4.

Further, the route optimization is not mandatory and is not bound by time constraints: initially all IP connections pass through the MN's HA. During the route optimization process data packets continue to flow through the HA as in legacy MIP. As a result, the setup for optimal routing is not time critical. This differs from the original IP², where a connection is not possible before the optimal routing is set up. Additionally, the IP²P may decide to omit the route optimization process for some short-term IP connections (e.g., DNS queries) that do not necessarily need to be optimized.

In addition, time constraints in IP² handover might be eliminated. For instance, if the MN's IP²P is changed, all IP²Ps serving the given MN's and CNs have to be updated. This is a time consuming process and communications with CNs served by un-updated IP²Ps are suspended until the update. In the HMIP protocol the MN is allowed to use more than one MAP. Additionally, in theory a MAP can serve an MN independently of its location since there is IP routing between them. In a combined system (IP²+HMIP), after a handover, the old MAP containing the old IP²P can be kept and used as long as the updating of far end IP²Ps is in progress.

In addition, it may also reduce the air interface overhead. If the IP²P and the MN are placed in the same VN, no tunneling is needed between the IP²P and the MN including the air interface. However, an extension is needed for the MIP signalling to inform the MN about this possibility. Thus, the implementation on the MN's side has to be modified in order to enable un-encapsulated data communication on the air interface.

FIG. 5 is an exemplary block diagram illustrating the basic components of the proxy node in the preferred embodiments. In the figure, a processor unit 500 is the main unit of the proxy node and can be configured by logic circuits and/or a CPU with computer programs. The processor unit 500 includes, for example, a detection unit 501, a notification unit 502, a route establishing unit 503, a securing unit 504 and a routing unit 505. The processor unit 500 may further include an identification unit that identifies the MN through an authentication process of the mobile unit when the MN is attached to the proxy node.

The detection unit 501 detects a trigger for a packet route optimization based on monitoring results of traffic or the type of connection. For example, if the determination unit, which may be included in the detection unit 501, determines that the traffic monitored exceeds a predetermined value, the trigger is detected. Alternatively, the detection unit 501 may detect the trigger based on a type of connection established by the MN.

The notification unit 502 notifies the routing manager of the detected trigger. The notification unit 502 may send the arrival notification to RM 141 using IF unit 510. The IF unit 510 is an IP packet sending/receiving circuit.

The route-establishing unit 503 establishes the optimized routing path according to a command received from the routing manager. The command is received by the IF unit 510 using the IP² signalling.

The securing unit 504 secures a routing address for the packets from the MN. An address switching method, tunneling method, or secure tunneling method is employed for hiding, masking and/or protecting the routing address. The routing address in this embodiment can show the actual location of the MN. Examples are the CoA, LCoA or RCoA. In addition, the routing address is different from the home address (IPha). The securing unit 504 may comprise an order-receiving unit that receives a privacy order from the MN or another node which is in relation with the MN. The privacy order relates to whether the routing address of the packets should be secured or not.

Further, the securing unit 504 may comprise a decapsulating unit which decapsulates the packet encapsulated by the MN and an encapsulating unit that encapsulates the packet decapsulated by the decapsulating unit to then route the packet through the optimized routing path.

The routing unit 505 routes the packets secured by the securing unit 504 to the correspondent node (CN 102) through the established routing path 150. The routing unit 505 may route un-secured packets.

The storage unit 520 stores the table 521 and a computer program 522, and can be configured as a flash memory, RAM and/or hard disk drive. The table 521 is used for the route establishing process and/or the routing process. The program may be used by the processor unit 500 to realize the detection unit 501 or the like.

FIG. 6 is a flowchart illustrating a routing process of the exemplary embodiments.

At step S601, the processor unit 500 determines whether a new MN has arrived or not. The arrival of the MN, the routing address (e.g. CoA, LCoA or RCoA) and the home address (IPha) of the MN are identified through the AAA signalling. In case of arrival, the process reaches the next step. If not, the processor unit 500 waits for the arrival.

At step S602, the processor unit 500 sends the arrival notification to RM 141 using IP² signalling.

At step S603, the detection unit 501 monitors traffic of packets related to the MN.

At step S604, the detection unit 501 detects the trigger for route optimization from the traffic. As described above, the trigger may be detected based on the type of connection established to the MN. If the trigger is detected, the process reaches the next step S605. If not, the process goes back to step S603.

At step S605, the notification unit 502 notifies RM 141 that the trigger has been detected.

At step S606, the processor unit 500 determines whether an optimization command is received from the RM or not. If the optimization command is received, the process reaches step S607. If not, the process goes back to step S603.

At step S607, the route-establishing unit establishes the optimized packet route according to the received command.

At step S608, the securing unit 504 determines whether the routing address of the MN's packets should be secured or not, based on the privacy order of the MN or the type of connection. If applying the privacy order, the securing unit further includes an order-receiving unit that receives a privacy order from the mobile node. The privacy order relates to whether the routing address of the packets should be secured or not. In addition, the MN should include a decision unit which decides whether the routing address of the packets should be secured or not, and an order-sending unit to send the privacy order to the proxy node based on the decision of the decision unit. If it should be secured, the process reaches step S609. If not, the process reaches step S610.

At step S609, the securing unit 504 applies a securing process to packets. The securing process is to protect the location privacy of the MN using the address switching method, the tunneling method, or the secure tunneling method. If the tunneling method is employed, the securing unit decapsulates the packet encapsulated by the MN and encapsulates the decapsulated packet again. The header of the original packet generated in the MN has the IPha of the MN as a source address and the IPha of the CN as a destination address. After encapsulation at the MN, another (tunnel) header is added to the packet. The tunnel header has the CoA of the MN as its source address and the IPha of the CN as its destination address. The tunnel header is removed at the IP²P, and another (tunnel) header is added. The added header has the IP address of the IP²P of MN as its source address and the IP address of the IP²P of CN as its destination address. The added header is removed at the IP²P of CN, and the packet is routed based on the original header. Through these securing processes, the CoA of the MN is not revealed to the CN.
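The header sequence of the tunneling method in step S609 can be traced hop by hop to check where the CoA is visible. This is an added example, not code from the patent: packets are modelled as header stacks only, the function names and sample addresses are constructed, and the check of the tunnel source against the CoA learned at attachment is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class Header:
    src: str
    dst: str


# A packet is its header stack, outermost header first; payload is omitted.
Packet = Tuple[Header, ...]

# Constructed sample addresses (IPv6 documentation prefix 2001:db8::/32).
MN_IPHA = "2001:db8:a::1"      # home address of the MN
MN_COA = "2001:db8:f1::77"     # care-of address: reveals the visited network
CN_IPHA = "2001:db8:b::1"      # home address of the CN
PROXY_MN = "2001:db8:f1::fe"   # IP address of the IP2P of the MN
PROXY_CN = "2001:db8:f2::fe"   # IP address of the IP2P of the CN


def mn_encapsulate(ipha: str, coa: str, cn_ipha: str) -> Packet:
    """MN side: original header plus the tunnel header described in S609."""
    original = Header(src=ipha, dst=cn_ipha)
    tunnel = Header(src=coa, dst=cn_ipha)
    return (tunnel, original)


def proxy_mn_secure(pkt: Packet, registered_coa: str,
                    proxy_mn: str, proxy_cn: str) -> Packet:
    """IP2P of MN: remove the MN's tunnel header, add the inter-proxy header."""
    if len(pkt) != 2:
        raise ValueError("expected tunnel header plus original header")
    tunnel, original = pkt
    # Assumption of this sketch: only accept the CoA learned at attachment.
    if tunnel.src != registered_coa:
        raise ValueError("tunnel source is not the registered CoA")
    return (Header(src=proxy_mn, dst=proxy_cn), original)


def proxy_cn_restore(pkt: Packet, proxy_mn: str, proxy_cn: str) -> Packet:
    """IP2P of CN: remove the added header, route on the original header."""
    if len(pkt) != 2 or pkt[0] != Header(src=proxy_mn, dst=proxy_cn):
        raise ValueError("packet did not arrive over the established path")
    return (pkt[1],)


def visible_addresses(pkt: Packet) -> Set[str]:
    """Every address an observer of this packet can read from its headers."""
    return {addr for h in pkt for addr in (h.src, h.dst)}


def walk_optimized_path() -> Dict[str, Packet]:
    """Packet as seen on each hop of MN -> IP2P_MN -> IP2P_CN -> CN."""
    mn_to_proxy = mn_encapsulate(MN_IPHA, MN_COA, CN_IPHA)
    proxy_to_proxy = proxy_mn_secure(mn_to_proxy, MN_COA, PROXY_MN, PROXY_CN)
    proxy_to_cn = proxy_cn_restore(proxy_to_proxy, PROXY_MN, PROXY_CN)
    return {"mn_to_proxy": mn_to_proxy,
            "proxy_to_proxy": proxy_to_proxy,
            "proxy_to_cn": proxy_to_cn}


if __name__ == "__main__":
    for hop, pkt in walk_optimized_path().items():
        print(hop, "CoA visible:", MN_COA in visible_addresses(pkt))
```

Only the first hop, between the MN and its own proxy, carries the CoA; on the inter-proxy path an observer sees the proxy addresses, which still indicate the visited network at the granularity of the proxy's placement.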

At step S610, the routing unit 505 routes the packets.

As described above, the present invention provides a solution combining the IP² architecture with the MIP/HMIP system. As a result, route optimization with location privacy is performed by the IP² protocol. However, constraints remain such that the resulting solution shall be backward compatible with the MIP/HMIP protocols and the MIP/HMIP enabled MNs shall not be modified to preserve MIP/HMIP signaling.

Although several embodiments of the method, apparatus and system of the present invention have been illustrated in the accompanying drawings and described in the foregoing description, it shall be understood that the invention is not limited to the embodiments disclosed, but is capable of numerous rearrangements, modifications and substitutions without departing from the spirit of the invention as set forth and defined by the following claims.

1. A communication system including an IP Backbone (IP BB) thecommunication system including: a mobile node communicating with acorrespondent node; a home agent node managing the mobile node andrelaying packets sent from the mobile node to the correspondent node; aproxy node being located closer to the mobile node than the home agentnode for relaying the packets from the mobile node to the home agentnode; a corresponding proxy node for restoring and relaying packets tothe correspondent node, and a Network Control Platform (NCPF) includinga routing manager managing a route of the packets, the proxy nodecomprising: a detection unit for detecting a trigger of a packet routeoptimization; a notification unit for notifying the routing manager ofthe detected trigger; a route-establishing unit for establishing theoptimized routing path using an address switching method according to acommand received from the routing manager; a securing unit for securinga routing address for the packets, the routing address being dynamicallyallocated to the mobile node; and a routing unit for routing the packetssecured by the securing unit to the corresponding proxy node through theestablished routing path, the routing manager sending the command toestablish an optimized routing path between the proxy node serving themobile node and another proxy node serving the correspondent node whenthe trigger is notified, and the mobile node comprising: a deciding unitfor deciding whether the routing address privacy is required or not; anda sending unit for sending a Binding Update to the correspondent node soas to reveal the routing address when said deciding unit decided thatthe routing address privacy is not required.
 2. The communication systemclaimed in claim 1, wherein the detection unit further comprises: meansfor monitoring traffic of the packets; and means for determining whetherthe traffic monitored exceeds a predetermined value.
 3. Thecommunication system claimed in claim 1, wherein the securing unitdetects the trigger based on a type of a connection established by themobile node.
 4. The communication system claimed in claim 1, wherein theproxy node further comprising: means for receiving the Binding Updatefrom the mobile node; and means for discarding the Binding Update so asto keep the routing address privacy.
 5. The communication system claimedin claim 4, wherein the proxy node further comprising: means forgenerating an activate notification (AN) based on the received BU; andmeans for sending the AN to the NCPF for the route optimization.
 6. Thecommunication system claimed in the claim 1, wherein the securing unitfurther comprising: means for decapsulating the packet encapsulated bythe mobile node; and means for encapsulating the packet decapsulated bythe decapsulating unit to route the packet through the optimized routingpath.
7. The communication system claimed in claim 6, wherein the mobile node communicates with the proxy node using an un-encapsulated packet when the mobile node and the proxy node are in the same IP subnet.
8. The communication system claimed in claim 4, wherein the proxy node further comprising means for passing the BU addressed to the home agent node of the mobile node without discarding the BU.
9. The communication system claimed in claim 1, wherein the proxy node further comprising means for identifying the mobile node through an authentication process of the mobile unit when the mobile node is attached to the proxy node.
10. The communication system claimed in claim 1, wherein the proxy node is installed in a mobility access point of hierarchical mobile IP.
11. The communication system claimed in claim 8, wherein the mobility access point is placed into an IP subnet of a visited network of the mobile node.
12. (canceled)
13. The communication system claimed in claim 1, wherein the mobile node keeps and uses an old proxy node as long as a handover updating process is in progress.
14-15. (canceled)
16. A method for a packet communication in a system including an IP Backbone (IP-BB) having a plurality of router nodes, and a Network Control Platform (NCPF) controlling the IP-BB, the IP-BB including: a mobile node for communicating with a correspondent node; a home agent node for managing the mobile node and relaying packets sent from the mobile node to the correspondent node; a proxy node, being located closer to the mobile node than the home agent node, relaying the packets from the mobile node to the home agent node; and a corresponding proxy node for restoring and relaying packets to the correspondent node, and the NCPF including a routing manager managing a route of the packets; the method comprising the steps of: detecting a trigger for a packet route optimization at the proxy node; and notifying the routing manager of the detected trigger; sending a command from the routing manager to the proxy node to establish an optimized routing path between the proxy node serving the mobile node and another proxy node serving the correspondent node when the trigger is notified by the routing manager, establishing the optimized routing path using an address switching method according to the command received from the routing manager; securing a routing address for the packets, the routing address being dynamically allocated to the mobile node; routing the packets secured to the corresponding proxy node through the established routing path, and deciding whether the routing address privacy is required or not; and sending a Binding Update from the mobile node to the correspondent node so as to reveal the routing address when it is decided that the privacy is not required.
17. A proxy node employed in a communication system including an IP Backbone (IP-BB) having a plurality of router nodes, and a Network Control Platform (NCPF) controlling the IP-BB, the IP-BB including: a mobile node communicating with a correspondent node; a home agent node managing the mobile node and relaying packets sent from the mobile node to the correspondent node a proxy node being located closer to the mobile node than the home agent node and relaying the packets from the mobile node to the home agent node; and a corresponding proxy node which for restoring and relaying packets to the correspondent node the NCPF including a routing manager managing a route of the packets; the proxy node comprising: a detection unit which for detecting a trigger of a packet route optimization; a notification unit for notifying the routing manager of the detected trigger; a route-establishing unit for establishing the optimized routing path using an address switching method according to a command received from the routing manager; a securing unit for securing a routing address for the packets, the routing address being dynamically allocated to the mobile node; a routing unit for routing the packets secured by the securing unit to correspondent node through the established routing path; and a passing unit for passing a Binding Update to the correspondent node to reveal the routing address when the routing address privacy is not required.
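The proxy-node decisions recited in claims 2, 4, 5, 8 and 17 can be modelled as follows. This is an added illustration, not part of the patent text. The `ProxyNode` class, the message fields, the per-node `privacy_required` flag, the threshold value and all addresses are assumptions constructed for the sketch.

```python
from dataclasses import dataclass, field

NCPF = "ncpf-routing-manager"  # hypothetical label for the routing manager


@dataclass(frozen=True)
class BindingUpdate:
    home_address: str     # IPha: permanent terminal identifier
    routing_address: str  # IPra: location-specific, private by default
    destination: str      # node the mobile node addressed the BU to


@dataclass
class ProxyNode:
    home_agent: str
    privacy_required: bool = True  # assumption: flag known to the proxy
    threshold: int = 3             # constructed "predetermined value" (packets)
    counts: dict = field(default_factory=dict)

    def handle_bu(self, bu):
        """Return the (recipient, message) pairs emitted for one received BU."""
        if bu.destination == self.home_agent:
            return [(bu.destination, bu)]   # claim 8: BU to the HA passes
        if not self.privacy_required:
            return [(bu.destination, bu)]   # claim 17: IPra revealed to the CN
        # Claims 4 and 5: discard the BU and derive an activate notification.
        # The AN fields are assumed; this sketch keeps IPra out of the AN.
        an = {"type": "AN", "mn": bu.home_address, "cn": bu.destination}
        return [(NCPF, an)]

    def observe_packet(self, mn, cn):
        """Claim 2: per-flow count; notify once when it exceeds the threshold."""
        n = self.counts[(mn, cn)] = self.counts.get((mn, cn), 0) + 1
        if n == self.threshold + 1:
            return [(NCPF, {"type": "trigger", "mn": mn, "cn": cn})]
        return []


def reveals_routing_address(outgoing, recipient, ipra):
    """True if any message sent to `recipient` carries the routing address."""
    for rcpt, msg in outgoing:
        fields = vars(msg) if isinstance(msg, BindingUpdate) else msg
        if rcpt == recipient and ipra in fields.values():
            return True
    return False
```
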